No matter how much layer of security you implement on a computer there always will be one area that is protected by a simple old access control, the memory.
You can have a complex password policy, dual factor authentication, full disk encryption, file encryption which could even be extended through the use of an Information Right Management solution, for that protected information to be accessed and manipulated it needs to be decrypted into memory.
The security of that data in memory then relies on memory access control and proper segregation, I am not sure we can talk about memory sandboxing but thats the same idea. The data will, of course, also rely on the physical security of the device it is hosted on.
Gaining administrator access on that device would therefore grant you access to the full memory.
This last point is of significance.
For IRM solutions, being an administrator on a device does not necessarily mean you also have access to the users IR...
>>[READ MORE]
The inevitable rise of malware on mobile devices
#31 - Posted on
21 February 2011 - Author: SM - Category: Security
Although it has been announced for quite some time that malware is growing on the mobile market, it is still not very visible.
That does not mean it isn’t already here or will be.
Below is an interesting article on a mobile developer who was contacted by a company that wanted to pay him some money as long as he included some of their “codes” into his popular game.
It was in fact, malware. It could directly call premium number without the user intervention or even eavesdrop on the microphone.
It has a happy ending as the developer decided against using that code and instead warn others. But for one good deed, how many have fallen or will fall for the money?
Websense Article on the White Hat Developer
Now the question is: Would this be possible on the iPhone with the Apps Store?
...
>>[READ MORE]
Do what I say not what I do
#30 - Posted on
18 February 2011 - Author: SM - Category: Security, Hacking
Below is a very good article describing the recent battle between the Anonymous Hacking group and the HBGary company.
In a nutshell, a security company, “HBGary”, who is also working for the US government was about to release what they think were the identity of a hacking group called “Anonymous” who conducted some high profile hacks against large organisations who were against the wikileaks website. The hacking group response was swift and brutal, they hacked the HBGary websites, defaced them, hacked into the owner’s email account and grabbed lot of user personal information from one of the company’s related website, rootkit.com
It provides a good example of the old adage “do what I say not what I do” but this time in the world of IT Security. Of course you can almost never get IT Security 100% right, but in that case it would seem some of the security weaknesses that were exploited should have never been...
>>[READ MORE]
The world of Computer Forensics
#29 - Posted on
14 February 2011 - Author: SM - Category: Security, Conferences
I have recently attended a SANS Forensic course in London. It was the best training course I have ever been to, not only the content was really interesting and very well delivered but all the extra activities surrounding the training course were outstanding (presentations, challenges, social events, etc).
Forensic was new to me and I found the techniques taught as very good eye openers in two different ways:
–Forensic techniques can be applied to other area of IT security than just forensic investigations, such as malware analysis and DLP. The latter was a bit of a surprise to me, but by understanding some of the forensic techniques you can also understand how part of a DLP engine would work when searching for specific files on filesystems (at rest) and recognised/tagged when on the network (on the move). I will find it interesting to see if my new know...
>>[READ MORE]
New iOS Security attack, this time it looks bad!
#28 - Posted on
11 February 2011 - Author: SM - Category: Security, Hacking
Another attack on the iOS security has been published today and there are two recurring themes to the attacks I described in previous posts, namely: weaknesses with the Keychain and iOS encryption implementation.
But this time they have been used differently and seem to provide an attacker access to any passwords stored on an iOS device, even if it is passcode protected.
One main difference in this attack, is that the attacker would only requires the iOS devices and nothing else (as opposed to the relevant synced PC with previous attacks).
It also seems to prove Zdiarski’s concerns over the iOS encryption controls to be true.
The attack used some jailbreaking techniques to access the iOS device boot/ram, bypassing the passcode and using the OS to run a script to access the local keychain and all the passwords it may contain (email, VPN, web apps, etc)
It seems that the encrypted data is not linked to the user passcode, which means that if someone ca...
>>[READ MORE]